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[57] ABSTRACT 

Remote control of the use of computer data is described 
in a system for renting computer software which de- 
rives use and billing information, prevents unauthorized 
use, maintains integrity of the software and controls 
related intercomputer communications. A user at a 
target computer "dowrdoa'dsSIprograniSjOr data, via a 
telephone line and remoteicontroljmodules, fromiaiEost 
-eomputerivUsage of the programs or data by the target 
computer or other accounting data are recorded and 
stored and,4atfpxggeteEm^ 

"upload^th^usage^^ features 
include: (1) software and usage security for rental pro- 
grams; (2) a polynomial generator/checker for generat- 
ing block check characters for assuring integrity of data 
transmitted and received; (3) a voice-data switch for 
switching between data communication and normal 
telephone communication; and (4) an audio amplifier 
and speaker for monitoring of activity on the communi- 
cation line during data transfers. 
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pose, the customer is provided with a control box sup- 

METHOD AND APPARATUS FOR REMOTELY plied by a cable television company. The control box, 

CONTROLLING AND MONITORING THE USE OF once activated from the cable company office, decrypts 

COMPUTER SOFTWARE encrypted television signals transmitted to the user by 

5 the cable company. If the customer is not authorized to 

CROSS REFERENCE TO RELATED view a particular program, the image remains scram- 

APPLICATION bled, and is unintelligible to the viewer. Conversely, 

This is a continuation of application Ser. No. once the customer has selected and paid for the pro- 

07883,818, filed May 14, 1992, now abandoned, which is gram desired, the control box decrypts the signal and 

a continuation of application Ser. No. 07/345,083, filed 10 the program is understandable by the viewer. 

Apr. 28, 1989, now abandoned. In the relevant prior art, U.S. Pat. No. 4,361,851 

« a ^on^^ a. «n«,i«v^ *r<rr< discloses a television usage monitoring system compris- 

BACKGROUND ^NDSUMMARY OF THE ^ a modified program Elector (ins ^ m the home 

I NVE NTIO N Q f a . su bscriber)-which-is-used-to select television pro- 

— The present invention relates to remotely controlling 15 grams for viewing while, at the same time, providing 

and monitoring the use of computer software. More the selection information to a remote monitoring unit 

particularly, this invention relates to a system for rent- (also installed in the subscriber's home). The remote 

ing computer software products while 1) deriving cus- monitoring unit is connected to the subscriber's tele- 

tomer use and billing information; 2) preventing unau- phone line and is programmed to periodically commu- 

thorized copying and use; 3) m ai n ta inin g the integrity of 20 nicate, via telephone lines, with a central computer for 

the rented software product (hereafter also ''package"); the purpose of transmitting the television usage data 

and 4) controlling related voice, program and data com- thereto. The disclosed remote monitoring system can be 

munications between the host and user's computers. utilized for "[a]ccess to centralized public database net- 

For purposes of the present invention, rental com- WO rks" (see column 2, line 4). The system is also de- 

puter software refers to the service of providing com- 25 gcribed ^ ^vrng the capability of producing a "dis- 

puter software to customers (hereafter also users) on a able » signal from ^ central computer to the remote 

pay-as-used basis, where the software is executed on the ^ ^ for e le> ^ subscriber ^ not timely paid 

customer's own personal computer. In the past, the only charges due 

on his account. It should be noted that U.S. 

software offered for rent" was software installed .on pa{ 6 No Am g51 ^ disclose a tem for i } 

centeaUy located computers, accessible via remotely 30 ^ • control]ed download 4 ^ ^ c f 

located workstations or terminals. Such systems are . J , , . » x * i *_ « ui 

well-known as "time-sharing" systems. computer programs and date; 2) remotely controllable 

In time-share systems, software is executed on the monitoring of use and I security of the downloaded pro- 
central computer system, and not on the customer's grains and data; and 3) accessing and relieving stored 
own computer. Time-shared software is typically ac- 35 W data. In addition, neither means for generating 
cessed over telephone networks using a "dumb" termi- block check characters for data transmitted and re- 
nal or equivalent located at the customer's home or ****** nor voice-data switching capability is described, 
office. In such systems, all customers share the central US * Pat Na 4 » 624 >578 discloses a rental contract 
computer resource, and the quality and delivery of timer s > rstein for operating a relay to connect power to 
services provided generally degrade, Le., slow down, as 40 * e rental equipment such as a television set, only dur- 
more customers attempt to use the resource simulta- m S ^ t ^ me for which rental has been paid. A magnetic 
neously. In addition to charges for the central computer 031(1 reader determines, from an inserted card, the 
to execute the users program (Le. CPU time), charges rental period and identifying information, and the timer 
for time-share usage must also include the cost for con- contains a real-time clock and a microprocessor to com- 
tinuous use of the public telephone network for the 45 pare the current time with the time in the rental period, 
duration of the connection to the central computer (i.e. 1x1 addition, U.S. Pat No. 4,700,296 discloses an elec- 
connect time), whether or not the central computer is tronic access control system for controlling customer 
actually executing the user's program. Thus, as the access to rental appliances located in the customer's 
number of users increase, both CPU time and connect home or other location away from the direct physical 
time increase; as CPU time and connect time increase, 50 control of the renter. The system comprises a control 
charges escalate as service degrades. module wired into the appliance with a card reader for 

In general, and particularly in the circumstances just programming the module to permit access and usage of 
described, charges for use of software via time-share the appliance by the customer, 
systems are likely to be much greater and far less pre- In the software rental system of the present invention, 
dictable than for the rental of software which is exe- 55 a control module is installed on or in cooperation with 
cuted on the customer's own computer. On the other the customer's computer (hereafter also target corn- 
hand, host-based, time-share systems have successfully puter), and the customer pays for services, i.e., the use 
provided software that is too expensive or complex to of the software, received. While operation of the system 
be made available on smaller systems such as personal is as convenient to use, substantially different features, 
computers. Thus it is desirable to continue offering 60 advantages and implementation with respect to the 
expensive and complex software installed on host-based corresponding television system are necessary and de- 
systems, while eliminating the disadvantages of time- sirable. Specifically, the customer in a software rental 
share systems. system may rent any program of an entire library of 

The software rental system of the present invention computer programs at any time, rather than waiting for 

has some features which are not unlike pay-for-view 65 a particular time slot during which a particular program 

television systems enjoyed by television viewers today. would be available. Moreover, it is not necessary to 

In pay-for-view television systems, the customer gener- install a separate transmission system, such as a TV 

ally pays to watch a particular program. For that pur- cable system, to access programs, since they are down- 
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loaded over conventional telephone lines. Finally, the of otherwise expensive and complex software, such as 
software available for rent is not broadcast over the certain engineering or scientific software, as well as 
entire system, but rather individual programs are down- certain financial accounting or tax programs, 
loaded to the user's system from the host only after The system is also well-suited for allowing a cus- 
selection by the user. 5 tomer to use moderately priced software on a rental 

The control module used in the proposed software basis to see if it really meets his needs. If satisfied, the 
rental system performs many more functions than its software could be purchased, and marketing programs 
counterpart in the pay-for-view television system. For whereby the customer may apply some or all of the 
example, it controls and verifies that use of a program is rental fees to the purchase price of the software could 
authorized; it records the actual time that the program 10 be devised. The proposed software rental system, there- 
is used; and it protects the rental program from theft, fore, offers software on a rental basis to new or low- 
copying, vandalism or modification. In addition, facili- usage customers at lower cost than would be otherwise 
ties for communication via the telephone lines between incurred by purchase of the same software. 

the control module installed at the user's site^ndjhe Rental - software, as contemplated by the present' in- - 

—central or host computer are provided. 15 yention, is less expensive than time-share software, and 

A software rental system according to the present more convenient to use because execution is controlled 
invention is also efficient and highly automated, for by the user and unaffected by the number of other users, 
performing a number of overhead functions. At the By eliminating the high initial cost of purchasing soft- 
same time, in order to maximize customer satisfaction, ware and unpredictable cost and inconvenience of time- 
the overhead activities of the control module are essen- 20 sharing, the number of users of a software rental system 
tially transparent to the user. Thus, for example, ac- could be expected to grow indefinitely. Moreover, with 
counting and billing activities are automated to avoid more users becoming acquainted with various software 
the need for manual "meter readers", and other control products, the software industry as a whole would bene- 
operations conventionally involving a high degree of fit, since the number of ultimate purchasers of the soft- 
overhead expense are reduced or eliminated where 25 ware would be likely to increase. Thus, with respect to 
possible. both rental and purchase of software, the revenue of 

By means of the present invention, an authorized user software vendors may be expected to increase, 
at the target computer is able to "download" programs The above and other objects, features and advan- 
or data, via a telephone line and a programmable remote tages, as will hereinafter appear, and the nature of the 
control module (RCM) connected at each end thereof 30 invention will be more fully understood by means of the 
from a central or host computer. Usage and other ac- detailed description set forth below, with reference to 
counting data are monitored by the RCM and stored in the associated drawings and the appended claims, 
memory resident therein. At predetermined times, the 

central or host computer accesses the RCM for the BRIEF DESCRIPTION OF DRAWINGS 

purpose of "uploading" the usage and other accounting 35 FIG. 1 is an illustration of the data communication 
date to the central or host computer. system in which a remote control module of the present 

The RCM of the present invention also includes: (I) invention is employed, 
programmable modules for preventing unauthorized FIG. 2 is a block diagram of the remote control mod- 
use, copying, vandalism and modification of download- ule employed in accordance with the present invention, 
able data and programs during or after transmission to 40 FIGS. 3A and 3B are circuit diagrams of the remote 
the target computer; (2) a polynomial generator/- control module shown in FIG. 2. 
checker for generating block check characters for as- 
suring the integrity of data and programs transmitted DETAILED DESCRIPTION OF THE 
and received; (3) a voice-data switch for switching PREFERRED EMBODIMENT 
between data communication (with the central or host 45 Referring now to FIG. 1, software rental system 10 
computer) and voice usage of the telephone line via the generally comprises host computer 12, target computer 
RCM; and (4) an audio amplifier and speaker so as to 14, remote control module (RCM) 16 associated with 
permit monitoring of activity on the communication the host computer 12, and RCM 18 associated with the 
line during data transfers by the RCM. target computer 14. Communication between the host 

With the features listed above, the proposed system 50 computer 12 and the target computer 14 and their re- 
provides for error-free transmission of programs or spective RCMs 16 and 18 is accomplished via a standard 
other data between a host computer and a target com- serial RS232 communications link, 
puter, and for the secure transmission, reception and In operation, programs to be provided to authorized 
usage of programs or other data transferred between the users on a rental basis are stored in the host computer 
host computer and the target computer. The audio am- 55 12. Typically, the host computer 12 is owned by a soft- 
plifier and speaker can be used by the customer to moni- ware rental service or company and is located at their 
tor activity on the communication line during data offices. As shown in FIG. 1, the host computer 12 is 
transfers between the target and host computers. Fi- connected to the public switched telephone network 26 
nally, the RCM can be controlled to function as a con- via serial data line 20 RCM 16. 
ventional modem when conventional telecommunica- 60 The target computer 14 is the computer of any user, 
tions service is desired. A voice/data selector switch is and may be a workstation, niinicomputer, or even a 
provided so that the user can select between voice and mainframe. However, for purposes of software rental, 
data communications. the most likely target computer is expected to be a 

The proposed software rental system has the capabil- personal computer, owned and operated by a user in a 
ity to provide users with access to a wide range of 65 home or office setting. 

software, including virtually all software that is sold for The target computer 14 is connected to telephone 
use on a personal computer. Thus, the system is particu- network 26 via serial data line 22 and RCM 18. RCM 18 
larly suited to the dissemination, on a pay-for-use basis, is also connected to a conventional source of AC power 
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via power line 28, which also can be provided to the Program memory 52 is any conventional read-only 
target computer 14 by RCM 18 via power line 24. memory (ROM) and is used to store the program exe- 
In operation, the host computer 12 can "dial up" the cuted by microprocessor 50 in performing the functions 
target computer 14 and, conversely, the target com- of RCM 18. An erasable/programmable read-only 
puter 14 can "dial up" the host computer 12. Functions 5 memory (EPROM), e.g., a 27128, may be used for pro- 
of the host computer 12 include transmission of soft- gram memory 52 when the modification of functions 
ware to the target computer 14, request for and recep- performed by RCM 18 may be desirable. However, an 
tion of customer usage data associated with the target equivalent conventional ROM is acceptable and, typi- 
computer 14 from RCM 18, and performance of various cally, is a lower cost device. 

accounting and software rental business functions. 10 Read/write memory 54 is, preferably, implemented 

RCMs 16 and 18 and the methods for using them by a Toshiba TC5565 static random access memory 
which are disclosed herein are intended to work with (RAM) having a capacity of at least 8 kilobytes. Back- 
any type of host computer 12 and target computer 14. up battery power is provided by power supply 58 to 

The softwarejnstalled in_the host computer 12_and.the ensure-that-the-contents-of-memory-54-are not lost if 

target computer 14 will, of course, be different for dif- 15 power to the RCM 18 is interrupted. 

ferent types of computers, but the methods remain the RTC 56 is, preferably, an ICM 7170 device manufac- 

same. tured by Intersil. The latter circuit maintains the date 

In accordance with the present invention, at any and time to the nearest 0.01 second. The occurrence of 

given time, the host computer 12 can communicate a leap year is automatically accommodated. RTC 56 is 

simultaneously with any number of target computers 20 connected to the power supply 58 and receives battery 

depending on the number ofRCM*s attached to, and the backup therefrom in case of power failure. RTC 56 

communications capacity of the host computer 12. functions in a conventional manner to provide control 

Thus, by adding host computer RCMs and, if necessary, and time information, upon request, to microprocessor 

host computers, a virtually unlimited number of target 50. This enables the RCM 18 to perform its function of 

computers 14 associated with RCMs 18 can simulta- 25 developing time, accounting and billing data relative to 

neously access rental software packages from the host customer access to and use of programs initially stored 

computer®. in the host computer 12. Such time and billing data are 

Communication with the host computer 12 is an inte- provided to the host computer 12 by RCM 18 on com- 

gral part of the software rental concept of the present mand from the host computer 12. 

invention, but the timing of communication of usage 30 Power supply 58 provides direct current power to the 

data to the host is not critical, since it is primarily for various other circuit elements of the RCM 18. In the 

accounting and other administrative functions. Of event of a power faflure or turning off of the AC power 

course, the target computers) 14 can run rental soft- to the RCM 18, a "battery backup" feature of the pres- 

ware whenever and as often as the user desires. ent invention detects such condition, and the internal 

Host computer 12 employs RCM 16 rather than 35 battery of RCM 18 provides battery backup power to 

merely a conventional modem to provide also for data the read/write memory 54 to protect data stored 

integrity and program security. RCM 16 includes error therein, and to RTC 56 to maintain operation thereof. In 

detection circuits and data encryption modules for use this manner, the contents of the memory 54 and the 

in conjunction with communication from host com- operation of the RTC 56 are not disturbed by a loss of 

puter 12. 40 AC power. Preferably, the internal battery of power 

Finally, as seen in FIG. 1, telephone 30 may be con- supply 58 is a conventional rechargeable battery such as 

nected to RCM 18 via telephone line 32, using standard to preserve the contents of memory 54 and maintain 

RJ1 1 modular plugs. In addition, a switch (not shown) operation of RTC 56 for several years, if necessary, 

may be provided on the front panel (not shown) of Once AC power is restored to the system, the internal 

RCM 18 for use by the customer to select voice or data 45 battery returns to its "wait" state, and power is not 

modes of communication. In the voice mode, telephone expended by the internal battery. 

30 can be used to conduct voice communication over RCM 18 is provided with one standard 110 VAC 

telephone network 26. output receptacle for receiving the standard electrical 

Referring now also to FIGS. 2, 3A and 3B, RCM 18 power plug for the target computer 14. The receptacle 

comprises microprocessor 50, program memory 52, 50 is relay-controlled so that switched AC power output is 

read/write memory 54, real-time clock (RTC) 56, provided to the target computer 14 via power line 24. In 

power supply 58, priority interrupt control circuit 60, this manner, target computer 14 can be turned on or off 

light-emitting diode (LED) displays 62, modem 64, dial by RCM 18 for certain functions as described elsewhere 

access arrangement (DAA) 66, RS232 serial data inter- in this specification. 

face 68, data encryption/decryption module 70, and 55 Device interrupts generated within RCM 18 of FIG. 
polynomial generator and checker (PGC) 72. 2 are merged in priority interrupt control circuit 60, 
Microprocessor 50 is any conventional microproces- which comprises a 74LS348 integrated circuit chip, 
sor, but may be a multi-port integrated circuit device, Microprocessor 50 supports only two priority inter- 
such as an 8031 microprocessor, the ROM-less version rupts, namely, INTO and INT1. INTO is unassigned and 
of the 805 1 microprocessor 50 (FIG. 2) and the speed of 60 is available as a test point for use with various test equip- 
the communications link between the host computer 12 ment All other interrupts are assigned to INT1. Since 
and the target computer 14 (FIG. 1) are not critical to all of the devices of RCM 18 have separate interrupt 
systems constructed according to the principles of the enabling control, any or none of the device interrupts 
present invention. Thus, while higher speed communi- may be used. . 

cation is typically superior to lower speed communica- 65 The nature and source of a particular interrupt is 
tion, the only requirement is that microprocessor 50 be determined by reading terminals P10-P12 (as shown in 
fast enough to implement the various tasks that it is FIG. 3A) of interrupt control circuit 60. Once an inter- 
called upon to perform in its operating environment nipt has occurred, its cause must be resolved by micro- 
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processor 50, or the same interrupt will continue to RCM 18, from the host computer 12. Data decrypted 
recur. A summary of typical interrupts and their priori- by module 70 of RCM 18 was encrypted by a corre- 
ties is given in Table 1 below. spending data encryption/decryption module in RCM 

16 associated with the host computer 12 prior to trans- 
5 mission to the RCM 18. The encryption and decryption 
functions will be discussed in more detail herein below 
in connection with a more complete discussion of the 
software security technique employed by the present 
invention. 

10 Polynomial generator/checker (PGC) 72 is, prefera- 
bly, an SCN2653 device manufactured by Signetics, 
T , , , . , Inc. Preferably, RCM 18 generates block check charac- 

LED displays 62 comprise a number of single light ters (BCC) for eachblock ofdata.to-be-transmitted-by - 

^mrt^gdiode^^ RCM*iTto~thThost computer 12. Correspondingly, 

conditions and the occurrence of certain events Such 15 ea ch block of data received from the host computer 12 
conditions or events include power-on power-off, and by RCM 18 is checked in accordance with the BCC. By 
the status ofcoir^umcatioi^acdvity. During fcagnos- ofa further pre ference, PGC 72 employs a CRC-16 

tic and test functions, the LED displays take on differ- code with an XK+X"+xh 1 divisor In 

ent meanings related to these functions. Jr. „ . , 77 ^ A T ,7™ t m 

Modem 64 includes modulation and demodulation 20 ^ 0 ~df^^ nriT m ^ hlt 
circuitry for sending and receiving data over the public ™ ™ dctec £ L ^ CR f" 16 P 01 ^ 0 ™* * em- 
switched telephone network 26 (FIG. 1). Preferably, ^ yed ** error "** generated are much 
modem 64 is implemented by a 73K222 modem circuit m0T ? T ^* Ue ^ *f nonn ^ sums 
(for 300, 600 and 1200 baud) or a 73K224 modem circuit 1 ? ecL 13 for data transmitted over 
(for 2400 baud) manufactured by Silicon Systems, Inc. 25 ^joWid switched telephone network 26. 
However, other conventional modem circuits, includ- Smce commumcations using the public switched 
ing modem circuits supporting higher baud rates, can be or dial " up ^ephone network 26 are notoriously error 
used to implement the functions of modem 64. More- prone > s P ecial precautions are often taken to at least 
over, since modem 64 can serve as a standard personal detect errors ' tf not correct them. More elaborate 
computer type modem when the target computer 14 is 30 0311 be used t0 correct the errors, and such 
not engaged in accessing rental software, it is not neces- error-correction coding schemes are not precluded by 
sary to include an additional modem for communication ^ P resent design of the RCM 18. However, for rea- 
with other computer services or data base services. sons of economy and speed in data communications, the 
Dial access arrangement (DAA) 66 provides for con- preferred embodiment described herein performs error 
nection of RCM 18 to the public switched telephone 35 det ection only. In the present system, a data block is 
network 26. DAA 66 connects private circuits to the simply retransmitted in the event of an error detection, 
public switched telephone network in compliance with As generally discussed above, the error detection 
FCC regulations, Part 68. Thus, DAA 66 includes method employed herein involves the transmission of a 
transformer isolation, impedance matching circuits, ring specially generated 16-bit code at the end of each data 
detection circuits, voice/data switching circuits, hook 40 block. The check code is generated by PGC 72 using 
relays and other well-known circuitry required for con- ^ e aforementioned CRC-16 polynomial with the afore- 
necting to the public switched telephone network 26. mentioned divisor. At the receiving end, the check code 
The serial data interface 68 is a conventional serial k, m effect, regenerated and compared to the actual 
interface for communication in accordance with stan- check code received. If identity is not present, a trans- 
dard RS232 criteria. More specifically, interface 68 is, 45 mission error has occurred and an error signal is gener- 
preferably, a universal asynchronous receiver/transmit- ated by PGC 72. Once an error is detected, a request for 
ter (UART), model SCC2691, for carrying on serial retransmission is initiated and the data block will be 
data communication between RCM 18 and the target retransmitted by the host computer 12 to RCM 18, or s 
computer 14. Thus, the interface 68 is coupled to a fr° m RCM 18 to the host computer 12, as the case may 
standard RS232 serial port of the target computer 14 via 50 he. 

serial data cable 22. Data is transmitted serially between The check code employed herein can be mathemati- 
the target computer 14 and interface 68, whereas data is cally shown to be very effective in detecting the types 
transmitted in parallel on bus 74 between interface 68 of errors that normally occur over public switched or 
and microprocessor 50. dial up telephone networks such as network 26 (FIG. 

Further considering the serial link between interface 55 1). Simpler schemes could be implemented, and would 
68 and the target computer 14, the clock for the serial not require the use of PGC 72, but such schemes are not 
port of the target computer 14 has a frequency equal to as effective for this application, 
one-fourth the frequency of the internal clock of micro- Accordingly, all communication between the host 
processor 50 of RCM 18. Preferably, the frequency of computer 12 and target computer 14 or RCM 18 em- 
the serial port clock of the target computer 14 is set to 60 ploy the above-described error detection method with 
2.7648 MHz. retransmission of data blocks upon detection of errors. 

The baud rate between the RCM 18 and the target In the latter regard, RCM 18 employs PGC 72 for 
computer 14 may be any value, provided that the RCM checking data received from host computer 12, and a 
18 can buffer the data. The baud rate of the modem 64 corresponding PGC in RCM 16 (FIG. 1) checks data 
is set to 300, 600 or 1200 baud, depending on the trans- 65 received from the target computer 14 or RCM 18. 
mission method chosen. Certain applications of the system 10 (as shown in 

Data encryption/decryption module 70 performs a FIG. 1), in particular for the business of software rental, 
decrypting function with respect to data received by typically will be configured so that the host computer 
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12 sends and receives data/messages to and from the During the time that RCM 18 is not performing data 
target computer 14 over the public switched telephone communications and is not set up in its "automatic an- 
network 26. As also indicated above, RCMs 16 and 18 swer" mode, telephone 30 (if one is attached) is avail- 
serve as interface devices to connect the host computer able for normal use„ and will ring in the usual way 
12 and the target computer 14, respectively, to the tele- 5 when called 

phone network 26. Obviously, while designed to work One feature of the proposed software rental system is 
with the public switched telephone network the present the ability to download software from the host corn- 
invention can be configured to work with any commu- puter 12 to target computer 14 during off-peak hours, 
nications link between the host and target computers. such as late at night. Preferably, the customer will not 
The circuit configurations of RCMs 16 and 18 are 10 be compelled to participate in or supervise the down- 
identical. The operation of the RCM 18 associated with loading of software during such late-night hours. Thus 
target computer 14 and the operation of RCM 16 associ- RCM 18 is able to control the AC power provided to 
ated with host computer 12 is determined by program the target computer 14 in response to control signals 

instructions executed by irdcropro cessor 50. from the host computer 12r In order to enable this fea^ 

— RCMs~16 and"18lpTovide serial communication, via 15 ture of the present invention, the on/off switch of target 

RS232 serial data interface 68, to the host computer 12 computer 14 is left in the "on" position, and the power 

and target computer 14, respectively, each of which is cable 24 (FIG. 1) of target computer 14 is plugged into 

preferably located within a short-distance (Le., a few a receptacle 102 at the rear of RCM 18, RCM 18 being 

feet) of its respective RCM. Whereas a single RCM 18 connected via its own power cord 28 to an AC power 

is required for each target computer 14, a plurality of 20 source, as previously described. Preferably, the front 

RCMs 16 may be used with, host computer 12. In fact, control panel of RCM 18 is provided with an on/off 

the number of RCMs 16 must be equal to the number of switch so that the customer can turn on or turn off the 

simultaneous data-transmission links between the host target computer 14 manually. However, this switch is 

computer 12 and target computers 14 (to download preempted when RCM 18 receives a command from the 

software) or RCMs' 18 (to upload usage and accounting 25 host computer 12 to turn on the target computer 14 for 

data). In this manner, the host computer 12 can carry on late-night operation. 

data conversations with several target computers 14 Accordingly, when downloading of software is de- 

simultaneously. sired, the host computer 12 calls the target computer 14, 

When a customer contracts to participate in the rental and once the call is acknowledged by RCM 18, the host 
software system, the software rental company will pro- 30 computer 12 turns on the target computer 14 by actuat- 
vide the customer, either through sale or rental, with ing the AC power switch in power supply 58 (FIG. 2). 
RCM 18 for connection to and association with the When the target computer 14 is turned on by RCM 18 
customer's target computer 14. Installation of the RCM at the command of the host computer 12, the host com- 
18 is easily performed by the customer. Referring again puter 12 can download software to a storage device (not 
to FIG. 1, RCM 18 is connected to the public telephone 35 shown) associated with the target computer 14. In addi- 
network 26 by means of a standard RJ11 type modular tion, for reasons described below, a special patch for the 
telephone cord extending between RCM 18 and the target computer 14 operating system, which is required 
telephone system jack. In addition, RCM 18 is con- to run the rental software, is also downloaded (if not . 
nected to the target computer 14 via a serial data cable previously downloaded) from the host computer 12 to 
22 and power cable 24, RCM 18 deriving its power 40 the target computer 14. Once the software downloading 
from a conventional AC power source via cable 28. As process is complete, the host computer 12 commands 
an option, telephone (or telephone handset) 30 may also RCM 18 to turn off power to the target computer 14. 
be connected to RCM 18 via telephone cable 32 utiliz- Power to non-essential external peripheral devices 
ing standard RJ11 modular plugs. Thus, when RCM 18 associated with target computer 14, such as a printer, a 
is not being used for data communications, the tele- 45 display device and the like, need not be controlled 
phone 30 can be used for normal voice communications. through RCM 18 since the downloading process does 
When data communications involving RCM 18 are to not require the use of such external peripherals. How- 
take place, RCM 18 performs automatic switching so as ever, if desired, such external peripheral devices may be 
to break the connection between telephone 30 and tele- controlled through the RCM 18 by making appropriate 
phone network 26, and to establish connection between 50 power connections to the RCM 18. 
DAA 66 (FIG. 2) and the network 26. Referring again to FIG. 2, RCM 18 contains a pro- 

During preprogrammed times, as established by the gram memory 52 and a read/write memory 54. The 

software of the host computer 12 and transmitted to program memory 52 holds the program instructions 

RCM 18 and stored in memory 52 of RCM 18, RCM 18 which microprocessor 50 implements in order to ac- 

will initiate an "automatic answer** mode of operation 55 complish the functions of RCM 18. Read/write mem- 

so that it may respond to messages received from the ory 54 holds the accounting data relating to software 

host computer 12. Such communications between the rental by the user of the target computer 14, and also 

host computer 12 and the target computer 14 normally provides buffer storage for communications messages 

occur at night so as to take advantage of low telephone passing between the host computer 12 and the target 

rates in effect at that time, and also to avoid conflicts 60 computer 14. Read/write memory 54 may also store 

with other data transmission functions of target com- other ancillary data. 

puter 14. RTC 56 is included in RCM 18 in order to provide a 

The RCM 18 can also be used as a standard modem real-time time-base, including exact year, month, day 

for the target computer 14, and can be set up to commu- and time. Preferably, accuracy is to the nearest 0.01 

nicate with remote computer or other database services. 65 second. The setting of RTC 56 with the year, month, 

RCM 18 distinguishes between its usage as a standard day and time is strictly controlled by the host computer 

modem and its usage as a special remote control module 12 using security techniques available to it through data 

for controlling access to rental software. encryption/decryption module 70. 
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Overall, RCM 18 is a real-time controller that can be peripheral storage device (e.g., hard disk or floppy disk) 
called into action independently by host computer 12, associated with the target computer 14. 
target computer 14, a change of state of the power Further referring to the encryption process of the 
switches of RCM 18, and other internal conditions. present invention, data encryption/decryption module 
Accordingly, an interrupt system is designed into the 5 70 of RCM 16 uses an encryption key unique to the 
operation of RCM 18, and is used to enable micro- individual target computer in which the rental software 
processor 50 to manage these independently occurring is to be used. Methods of encrypting and decrypting 
real-time .events. The management of interrupts by mi- using an encryption key, such as described in U.S. Pat. 
coprocessor 50 is assisted by priority interrupt control No. 4,649,233, are well-known. However, since the 
circuits 60. 10 encryption key is an important element which the soft- 

An important aspect of the present invention con- ware security scheme of the present invention depends, 
cerns security for rental software executed by the target ^ encryption key itself is always transmitted in en- 
computer 14 (FIG. 1). This software security function is crypted form to RCM 18 (utilizing an encryption key_ 

provided by_the ^cooperation of- data encryption/de- identical-to the encryption-key provided in RCM 18) to 

cryption module 70 in RCM 18 with a corresponding 15 assure Proper systems operation and integrity. When 
data encryption/decryption module in RCM 16 associ- transmitted from RCM 16, the encryption key is then 
ated with the host computer 12. Closely coupled with automatically decrypted as it is received by RCM 18 
the function of providing software security is the func- mm & a x* 0 ^* specif key built into RCM 18 which is 
tion of keeping track of and accounting for the time 10 ^ ch RCM 18 - Tte decrypted en- 

periods during which the target computer 14 is using 20 ^yP* 00 key is then stored in the RCM memory 52 until 
the rental software on which the rental charges are decryption of a key module is required. Since the en- 
based, cryption key is retained in memory 52, the encryption 

In at least some instances, the rental software pro- SXfS* 0nly * ^f^tted to RCM 18 one time. If the 
vided by the host computer 12 may have a very large , c * C ** « * *mp«*d with in any manner, the encryp- 
amount of code and many data files. Of course, it is not 25 Uon ^ ^estroyed. Without the encryption key, de- 
necessary to provide security or protection for each and f 1 ^* 011 of ^ ° f * e ? ntd software at the 
every component or module of most rental programs, <* m P» te ? 14 * essent^y impossible, and use, 
In accordance with the present invention, a particdarij ^ Q g ' T mod ^ff of the re ? * *f 
critical modme-herekafter referred to a! the "key , n e "P™?**; J** techmque employed by 
module»--in each rental program is identified. The key 30 ^ degree / 
module, according to the present invention is essential P r °f*° n *™« d °^™**B.<> { the package via the 

4 ' „ V / ~r 7r 7 " r „ public telephone network 26 owing to encryption of the 

to program execution and without which the overall k modu i e and of the encryption key. 

rental program wiU not .run. As described above, decryption of the key module is 

In addition to identification of the key module, the 35 p^fo^ ^ the data encryption/decryption module 
security ot rental software according to the present 70 ofRCM 18 . The encryption key used in the decryp- 
mvention also requires a special version of the operating tion process k inaccessible to the user. Thus, in accor- 
system to be utilized m the target computer 14. Hie dmse ^ ^ m mvention> a downloaded rental 
special version of the target computer operating system software package will only run on the particular target 
is created by a patch modul^eremafter "operating 40 14 having an encryption key corresponding 

system patch module" or "OSP" module (the OSP is t0 ±e encryption key employed by the host computer 
identical for all rental software executed on target com- n when the key module ofthe rental so ftware package 
outers of the same or similar type), which is down- was encrypted. Since the rental software will operate 
loaded to the target computer 14 along with the rental only on a mget co mput£T 14 serviced by an RCM 18 
software. The OSP module initiates decryption of the 45 utilizing an encryption key unique to the target corn- 
encrypted key module of the rental software package p Uter 14 (to decrypt the key module), no other physical 
by module 70 of RCM 18, then loads the decrypted key or licensing restrictions on the user's ability to make 
module mto the internal memory (not shown) of the copies of the rental software package are required, 
target computer 14 for execution. In addition, periodi- Prior to a customer executing a rental software pack- 
cally while the rental software package is ranning, the 50 age on a target computer, the software package will 
OSP module communicates with the RCM 18 to pro- have been transmitted electronically or by other suit- 
vide verification that it is still connected to the target able means and be resident in a peripheral storage de- 
computer 14 for security and accounting purposes. vice associated with the customer's target computer. 

The key module is encrypted using the Federal Infer- The rental software package will have the correspond- 
mation Processing Data Encryption Standard No. 46, 55 ing OSP module appended and the original key module 
well-known to those of skill in the art, by the data en- will be replaced with an identical encrypted key mod- 
cryption/decryption module 70 of RCM 16. When the ule. 

rental software is transmitted by the host computer 12 Assuming that a customer wishes to run a rental soft- 
over the telephone network 26, the encrypted key mod- ware package protected in accordance with the present 
ule and the associated OSP module are transmitted as 60 invention, the user follows exactly the same procedures 
well. Alternatively, the encrypted module, the OSP for loading the software package from the associated 
module and the unencrypted remainder of the rental peripheral storage device to the internal memory of 
software may be sent to the customer on floppy disks or target computer 14 as if an unrented version of the same 
magnetic tape by mail or other delivery service. When package were being run. However, in a manner trans- 
downloaded from the host computer 12 or loaded from 65 parent to the user, when the key module of the software 
media otherwise provided by a software rental service, package is retrieved from the peripheral storage device 
the entire rental software package (including the en- of target computer 14, the OSP software module is 
crypted key module and OSP module) is stored in a activated. The OSP module fetches the encrypted ver- 



10/31/2003, EAST version: 1.4.1 



13 



5,388,211 



14 



sion of the key module from the peripheral storage 
device (not shown) and sends it to the RCM 18 for 
decryption by the encryption/decryption module 70. 
After decryption, the key module is sent back to the 
target computer 14 and loaded into its internal memory 
(RAM) for execution. At the latter step the OSP mod- 
ule also initiates a timer controlled by the RTC 56 to 
begin recording the actual use time of the rental pro- 
gram for computation of rental time charges. 

The rental program with the decrypted key module 
now stored in the internal memory of target computer 
14 will operate in exactly the same manner as it would 
if it were not a rental package (i.e., the same way as if it 
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In accordance with the present invention, micro- 
processor 50 in RCM 18 is programmed to destroy an 
encryption key if: (1) the RCM 18 is physically tam- 
pered with; (2) the telephone number of the target com- 
puter 14 is changed without notice or the telephone is 
disconnected for longer than a preselected period of 
time (in this case, destruction of the protection key takes 
place only after power is restored). If the encryption 
key is destroyed by the RCM 18, RCM 18 will attempt 
to notify the user by using a special alarm, such as a 
beeping sound or LED display. The host computer 12 
also will be automatically notified by RCM 18, if possi- 
ble. Restoration of the encryption key is then p ossible at 
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of the rentalprogram iscdmplete, control reverts back 15 
to the OSP module. The OSP module then automati- 
cally erases the rental program including the key mod- 
ule from the RAM of target computer 14 and notifies 
RCM 18 that the period of use or rental period has 
stopped. The elapsed time between the starting and 
stopping of the rental program, as well as the time and 
date information, are recorded in memory 54 of RCM 
18 for subsequent, off-line processing. 

It is essential that the RCM 18 be connected to the 
target computer 14 at the time that the rental period 
ends. Connection of RCM 18 to the target computer 14 
insures that the exact time of termination of the rental 
period is recorded. Furthermore, to maintain proper 
security of the rental software in accordance with the 
present invention, while the rental software package is 30 
running, periodically control is passed to the OSP mod- 
ule upon the occurrence of certain periodic events, disk 
access by the target computer 14 operating system for 
example. The OSP module then executes routines to 
prevent circumvention of the rental accounting for use 35 
of the rental software package, and to protect the rental 
software package from theft, vandalism or other unau- 
thorized modification. In particular, the OSP module 
then queries RCM 18 and verifies, through its response, 
that RCM 18 is, in fact, connected to the target com- 40 
puter 14. If it is, execution of the rented software contin- 
ues; if it is not, the execution is terminated by the OSP 
module and the entire rental software program is erased 
from the target computer 14 RAM. 

It should be noted that the rental software package 45 
itself may be modified by adding code to ascertain that 
the RCM 18 is connected to the target computer 14 
rather than modifying the operating system by adding 
the OSP module for receiving control from the rental 
software package. However, since modifying the rental 50 
package is difficult without assistance from the develop- 
ers of the package, adding the OSP module is prefera- 
ble. Therefore, an operating system, so patched, must be 
used when executing rental software according to the 



While preferred forms and arrangements have been 
described in illustrating the present invention, it is to be 
understood that various changes in detail and arrange- 
ment may be made without departing from the spirit of 
the present invention or from the scope of the appended 
claims. 
I claim: 

1. A method of protecting the security of a computer 
program comprising the steps of: 

selecting at least one portion of said computer pro- 
gram essential to the correct operation of the com- 
puter program, said computer program not opera- 
ble without said portion; 
encrypting said portion with a first encryption key 

utilized by an encryption means; 
adding a decryption program to the operating system 
of a computer in which said computer program is 
to be run, said decryption program including a 
procedure for initiating the decryption of said por- 
tion of said computer program; 
fetching the encrypted version of said portion of said 

computer program; 
sending the encrypted version of said portion of said 
computer program to a decryption means associ- 
ated with said computer in which said computer 
program is to be run; 
decrypting said encrypted portion under the control 
of said decryption program to form a decrypted 
module, utilizing said first encryption key in said 
decryption means of said computer on which said 
computer program is to be rum 
transferring said decrypted module from said decryp- 
tion means to said computer for execution along 
with said computer program; and 
deleting said decrypted module from said computer 
when execution of said computer program is com- 
plete, said decryption program initiating said dele- 
tion of said decrypted module. 

2. The method of claim 1 including the further step of 
present invention. As described above, the OSP module 55 monitoring with monitoring means the elapsed usage 



is downloaded with the rental software package, if it has 
not already been downloaded earlier with another soft- 
ware package. 

The software security scheme of the present inven- 
tion involves encryption of only the key module of the 60 
rental software in a predetermined algorithmic manner 
using an encryption key. Further, the encryption key 
itself is encrypted and transmitted by the host computer 
12 separately. No changes to the functions of the rental 
software are made during the encryption process. Thus, 65 
any software package may be rented without technical 
involvement of the software vendor, and all of the secu- 
rity procedures are transparent to the user. 



time by said computer of said computer program, a 
real-time clock measuring the period of said usage for 
developing time accounting data, said decryption means 
including said monitoring means. 

3. The method of claim 2 further including the step of 
periodically monitoring the state of said decryption 
means and said monitoring means for determining if said 
decryption means and said monitoring means is coupled 
to said, computer, said decryption program responsive 
to the occurrence of a periodic event in the execution of 
said computer program to initiate said periodic monitor- 
ing of said decryption means and said monitoring 
means. 
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4. The method of claim 3 further including the step of 
erasing said computer program from said computer and 
preventing the executing of said computer program if 
said decryption means and said monitoring means are 
decoupled from said computer. 

5. The method of claim 1 including the further steps 
of: 

encrypting said first encryption key with a second 
encryption key utilized in conjunction with said 
encryption means; said second encryption key in- 
corporated in said decryption means associated 
with said computer in which said computer pro- 
gram is to be run; and 
transmitting s aid first encryption key_to_ said decryp- - 
tion'means in an encrypted format. 
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6. The method of claim 1 further including the step of 
erasing said first encryption key if the integrity of said 
decryption means is lost, 

7. The method of claim 20 wherein said portion com- 
prises at least one byte of data. 

8. The method of claim 1 wherein said portion com- 
prises a portion of an application program. 

9. A method of providing computer programs to 
authorized users on a rental basis, said method compris- 
ing the steps of: 

storing in a host computer a plurality of computer 
programs available to be selected by authorized 
users at a target computer; 

establishing a telephone connection between said host 
computer and said target computer via a host re- 30 
mote control module and a target remote control 
module; 

selecting a computer program to be used on a rental 
basis at said target computer; 

selecting a key module of said selected computer 35 
program that is essential to the operation of said 
selected computer program, said selected com- 
puter program not operable without said key mod- 
ule; 

encrypting said key module in said host remote con- 40 
trol module with a first encryption key; 

encrypting said first encryption key and tnmsmitting 
said first encryption key to said target computer 
separately; 

downloading said selected computer program, in- 45 
eluding said encrypted key module, to said target 
remote control module along with an operating 
system modification routine; 

checking errors in said selected computer program 
and said operating system modification routine as 50 
received at said target remote controlmodule; 

retransmitting portions of said selected computer 
program and portions of said operating system 
modification routine if errors are detected; 

modifying the operating system of said target com- 55 
puter utilizing said operating system modification 
routine, said operating system modification routine 
including a procedure for initiating the decryption 
of said key module; 

disconnecting said telephone connection between 60 
said host computer and said target computer; 

decrypting said first decryption key at said target 
computer; 

fetching said encrypted key module of said computer 
program; 

sending said encrypted key module of said computer 
program to a decryption means associated with 
said target computer; 



65 



decrypting said encrypted key module under the 
control of said operating system modification rou- 
tine to form a decrypted key module, utilizing said 
first encryption key in said decryption means asso- 
ciated with said target computer; 

transferring said decrypted key module from said 
decryption means to said target computer for exe- 
cution as part of said computer program; and 

deleting said decrypted key module from said target 
computer when execution of said computer pro- 
gram is complete, said operating system modifica- 
tion routine initiating said deletion of said de- 
crypted key module. 



— 10-Apparatus for remotely controlling and monitor- 
ing the use of computer programs comprising: 
a host computer having means for storage of a plural- 
ity of computer programs, and having communi- 
cating means for communicating simultaneously 
with a plurality of target computers for download- 
ing said computer programs to said target comput- 
ers and for monitoring the use of said computer 
programs by said target computers, said host com- 
puter remotely controlling said target computers to 
transmit at predetermined times data indicating 
elapsed time of use of downloaded computer pro- 
grams; 

said communicating means including a telephone 
network, a host remote control module, and a tar- 
get remote control module, said telephone network 
being accessible by a dial-up means at said host 
computer and by a dial-up means at said target 
computer; 

said target remote control module having a connec- 
tion to a power source so that power to said target 
computer may be remotely controlled by said host 
computer; 

a telephone connected to said target remote control 
module and being usable for telephone communica- 
tions when said telephone network is not in use; 

said target remote control module being provided 
with an audio amplifier and speaker for connection 
to said telephone network; 

said target remote control module being provided 
with means connected to said telephone network 
for switching between voice and data modes of 
communication capability; 

said host remote control module and said target re- 
mote control module including a microprocessor 
for control thereof, a program memory for storage 
of a program executed by said microprocessor in 
control of said remote control module, a read/- 
write memory, a real time clock for enabling the 
remote control module to provide elapsed time of 
use of downloaded computer programs, a priority 
interrupt control circuit coupled to said micro- 
processor, a plurality of light emitting diodes for 
indicating status conditions within said remote 
control module, a modem for sending and receiv- 
ing data over said telephone network; 

said host remote control module and said target re- 
mote control module including a data encryption/- 
decryption module for permitting transmission of 
computer programs and billing information in en- 
crypted form over said telephone network; 

said host remote control module and said target re- 
mote control module including a polynomial 
generator/checker that generates block check 
characters for each block of data transmitted over 
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said telephone network to detect errors in transmis- 
sion, said remote control modules including means 
for retransmission of data blocks upon detection of 
errors; 

said host remote control module and said target re- 
mote control module including means for automati- 
cally downloading computer programs from said 
host computer to said target computer over said 
telephone network during off-peak hours, and for 
uploading elapsed time of use of downloaded com- 
puter programs from said target computer to said 
host computer over said telephone network during 
off-peak hours; and 
_said_Jarget_remote_control-um^-mcluding- security- 
means for monitoring execution of downloaded 
computer programs and destroying a decryption 
key under predetermined conditions. 

11. Apparatus for controlling and monitoring the use 
of a computer program comprising: 

a host computer having means for storage of com- 
puter programs, and having communicating means 
for communicating simultaneously with a plurality 
of target computers for downloading said com- 
puter programs to said target computers and for 
monitoring the use of said computer programs by 
said target computers, said host computer control- 
ling said target computers to transmit at predeter- 
mined times data indicating elapsed time of use of 
downloaded computer programs; 

said communicating means including a host remote 
control module and a target remote control mod- 
ule; 

said target remote control module having a connec- 
tion to a power source so that power to said target 35 
computer may be controlled by said host com- 
puter; 

said host remote control module and said target re- 
mote control module including a microprocessor 
for control thereof, a program memory for storage 40 
of a program executed by said microprocessor in 
control of said remote control module, a read/- 
write memory, a real time clock for enabling the 
remote control module to provide elapsed time of 
use of downloaded computer programs, a priority 45 
interrupt control circuit coupled to said micro- 
processor, a modem for sending and receiving data 
over said communicating means; 

said host remote control module and said target re- 
mote control module including a data encryption/- 
decryption module for permitting transmission of 
computer programs and billing information in en- 
crypted form over said communicating means; 

said host remote control module and said target re- 
mote control module including a polynomial 55 
generator/checker that generates block check 
characters for each block of data transmitted over 
said communicating means to detect errors in trans- 
mission, said remote control modules including 
means for retransmission of data blocks upon de- 60 
tection of errors; 

said host remote control module and said target re- 
mote control module including means for automati- 
cally downloading computer programs from said 
host computer to said target computer over said 65 
communicating means during off-peak hours, and 
for uploading elapsed time of use of downloaded 
computer programs from said target computer to 
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said host computer over said communicating 
means during off-peak hours; and 
said target remote control unit including security 
means for monitoring execution of downloaded 
computer programs and destroying a decryption 
key under predetermined conditions. 
12. Apparatus for remotely controlling and monitor- 
ing the use of a computer program comprising; 
first and second computers, said first computer hav- 
ing means for storage of a plurality of computer 
programs, and having communicating means for 
communicating with said second computer for 
downloading said computer programs to said sec- 

ond-computer and-for-momtoring~the use of said 

computer programs by said second computer, said 
first computer remotely controlling said second 
computer to transmit at predetermined times data 
indicating elapsed time of use of said downloaded 
computer programs; 
said communicating means including a first transmit- 
ting and receiving means at said first computer, and 
a second transmitting and receiving means at said 
second computer; 
said first transmitting and receiving means and said 
second transmitting and receiving means including 
a microprocessor for control thereof, a program 
memory for storage of a program executed by said 
microprocessor, a read/write memory, a real time 
clock for enabling measurement of elapsed time of 
use of said downloaded computer programs, a pri- 
ority interrupt control circuit coupled to said mi- 
croprocessor, means for indicating status condi- 
tions of said communicating means, and a modem 
for sending and receiving data; 
said first transmitting and receiving means coupled to 
said first computer for transmitting a program and 
associated program information from said first 
computer and for receiving said data indicating 
elapsed time of use to be supplied to said first com- 
puter; 

said second transmitting and receiving means coupled 
to said first transmitting and receiving means and to 
said second computer for receiving the program 
and associated program information transmitted 
from said first transmitting and receiving means 
and for transmitting said data indicating elapsed 
time of use to said first transmitting and receiving 
means; 

encryption means coupled to said first computer and 
to said first transmitting and receiving means for 
encrypting at least one preselected portion of the 
program and associated program information to be 
transmitted from said first transmitting and receiv- 
ing means to form an encrypted information mod- 
ule, said encryption means including a first encryp- 
tion key for encrypting said encrypted information 
module, said preselected portion including at least 
one portion of a computer program essential to the 
correct execution thereof; 
decryption means coupled to said second transmitting 
and receiving means for decrypting said encrypted 
information module to form a decrypted informa- 
tion module, said decryption means including a 
copy of said first encryption key for decrypting 
said encrypted information module; and 
transfer means for transferring said decrypted infor- 
mation module to said second computer for execu- 
tion by said second computer and for deleting said 
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decrypted information module from said second 
computer when execution by said second computer 
of the received program and program information 
is entirely completed. 

13. Apparatus as in claim 12 further including moni- 
toring means coupled to said transfer means for record- 
ing time accounting information from the time said 
decrypted information module is transferred to said 
second computer, until said decrypted information 
module is deleted from said second computer by said 
transfer means. 

14. Apparatus as in claim 13 further including: 
memory means coupled to said monitoring means for 

storing said time accounting information, said sec- 
ond -transmitting - and receiving meansT being^ re- 
sponsive to a command from said first computer 
for transmitting said time accounting information 
to said first computer, 
error detection means coupled to said first transmit- 
ting and receiving means for detecting the presence 20 
of an error in said time accounting information 
transmitted by said second transmitting and receiv- 
ing means and for producing an error signal; and 
retransmission means coupled to said error detection 
means and responsive to said error signal for pro- 25 
during a signal representing a request for retrans- 
mission of said time accounting information, said 
second transmitting and receiving means respon- 
sive to said request for retransmission for retrans- 
mitting said time accounting information. 

15. Apparatus as in claim 14 further including activat- 
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ing means responsive to a first command from said first 
computer for activating said second computer. 

16. Apparatus as in claim 12 further including: 
a second encryption key included in said encryption 

means for encrypting said first encryption key to 
form an encrypted first encryption key; and 
a copy of said second encryption key included in said 
decryption means for decrypting said encrypted 
first encryption key. 

17. Apparatus as in claim 12 wherein: 
said decryption means in said second transmitting and 

receiving means comprises means for decrypting 
the encrypted information module in response to 
request of a user of said second computer to use the 45 
program and associated program information, said 
second transmitting and receiving means there- 
upon transmits the decrypted information module 
to said second computer. 

18. Apparatus as in claim 12 further including: 
error detection means coupled to said second trans- 
mitting and receiving means for detecting the pres- 
ence of an error in the program and associated 
program information transmitted by said first trans- 
mitting and receiving means and for producing an 55 
error signal; and 

retransmission means coupled to said error detection 
means and responsive to said error signal for pro- 
ducing a signal representing a request for retrans- 
mission of the program and associated program 60 
information transmitted by said first computer, said 
first transmission and receiving means being re- 
sponsive to said request for retransmission for re- 
transmitting the program and associated program 
information. 

19. Apparatus as in claim 12 wherein said first and 
second transmitting and receiving means are coupled to 
each other via a public communication network. 



20. Apparatus as in claim 19 wherein said first and 
second transmitting and receiving means each include 
connection means for connecting said first and second 
transmitting and receiving means, respectively, to said 

5 public communications means. 

21. Apparatus as in claim 20 further including a tele- 
phone coupled to said connection means associated 
with said second transmitting and receiving means, said 
connection means including means for connecting said 

10 telephone to said public communications network when 
said transmitting and receiving means is not receiving 
the program and associated program information and 
said transmitting means is not- transmitting said time 

acc^untmg.infonnation. : 

15 22. Apparatus as in claim 12 wherein: 

when said decrypted information module is trans- 
ferred to said second computer, said decrypted 
information module is stored in memory means 
which prevents copying. 
23. In a system having a central means for storage of 
a plurality of computer programs, and having commu- 
nicating means for communicating with a computer for 
downloading said computer programs to said computer 
and for monitoring the use of said computer programs 
by said computer, said computer being controlled to 
transmit at predetermined times data indicating elapsed 
time of use of downloaded computer programs, a re- 
mote control device for controlling and monitoring the 
use of said downloaded computer programs that include 
30 encrypted portions in said computer, said remote con- 
trol device comprising: 
a microprocessor for control thereof, a program 
memory for storage of a program executed by said 
microprocessor in control of said remote control 
device, a read/write memory, a real time clock for 
enabling said remote control device to provide 
elapsed time of use of said downloaded computer 
programs, a priority interrupt control circuit cou- 
pled to said microprocessor, means for indicating 
status conditions within said remote control de- 
vice, and a modem for sending and receiving data; 
first coupling means coupling said remote control 
device to said computer for traiisferring prese- 
lected portions of said computer programs that 
include encrypted portions between said remote 
control device and said computer; 
monitoring means coupled to said first coupling 
means for monitoring usage of said computer pro- 
grams in said computer and for developing time 
accounting data relative to said usage; and 
decryption means coupled to said first coupling 
means for decrypting preselected encrypted por- 
tions of said computer programs, said decryption 
means including a first encryption key for use by 
the decryption means in decrypting said prese- 
lected encrypted portions of said computer pro- 
grams, said first coupling means transferring said 
preselected encrypted portions of said computer 
programs from said computer to said decryption 
means when said computer programs are loaded 
into said computer, said decryption means decrypt- 
ing said preselected encrypted portions of said 
computer programs, said first coupling means 
transferring said decrypted preselected portions of 
said computer programs from said decryption 
means to said computer for execution, said moni- 
toring means monitoring the usage of said com- 
puter programs from the point in time of the trans- 
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fer of said decrypted preselected portions of said means for generating error-correction signals to correct 

computer programs from said decryption means to any errors so detected in said preselected computer 

said computer. programs. 

24. A remote control device as in claim 23 further 28. A remote control device as in claim 26 wherein 

comprising: 5 said error detection means includes retransmission 

second coupling means coupling said remote control means responsive to said error-correction signals to 
device to a host computer via a communications generate a retransmission request signal, said host corn- 
link; and puter responsive to said retransmission request signal 

transmitting and receiving means coupled between for retransmitting said blocks of computer programs 

said first and second coupling- means and to said 10 containing errors. 

monitoring means for receiving preselected com- 29. A remote control device as in claim 24 wherein 

puter programs transmitted from said host com- said monitoring means includes real-time clock means 

puter for further transfer to said computer, said for providing timing information and generating a sig- 

transmitting and receiving means responsive in nal forjise in said remote control . device. 



conj unction -with said monitoring means to - a"first~l 5 30. A remote control device as in claim 29 wherein 

command transmitted by said host computer to said monitoring means further includes memory means 
transmit said time accounting data relative to said for storing said time accounting data, said transmitting 
usage from said monitoring means to said host and receiving means responsive at preprogrammed 
computer. times to said signal to transmit said time accounting data 

25. A remote control device as in claim 24 wherein 20 to said host computer. 

said transmitting and receiving means comprises a 31. A remote control device as in claim 24 wherein 
modem and said communication link comprises a public said decryption means further includes a second en- 
telephone network. cryption key for use by said decryption means in de- 

26. A remote control device as in claim 24 further crypting said first encryption key, said first encryption 
comprising error detection means for detecting the 25 key transmitted from said host computer in an en- 
presence of an error in blocks of said preselected com- crypted format 

puter programs transmitted from said host computer 32. A remote control device as in claim 23 wherein 
and for generating an error signal when an error is so said decryption means includes a second encryption key 
detected. for use by said decryption means in decrypting said first 

27. A remote control device as in claim 26 wherein 30 encryption key. 

said error detection means includes error correction * * * * * 
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